
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO. 



09/554,417 



05/1 1/2000 



10361 7590 05/28/2004 

ANTONY C. EDWARDS 

SUITE 800- 1708 DOLPHIN AVENUE 

KELOWNA, BC VI Y 9S4 

CANADA 



LYNN SPRAGGS 



PA1064US 



6865 



EXAMINER 



CHEN, SHIN HON 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 05/28/2004 



TT 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO 90C (Rev 10/03) 



Office Action Summary 



Application No. " wr 

09/554,417 


Applicant(s) 

SPRAGGS, LYNN 


Examiner 

Shin-Hon Chen 


Art Unit 

2131 





•- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -• 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply. specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 30 March 2004 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) D Claim(s) is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-16 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 11 May 2000 is/are: a)|^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121 (d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d)or (f). 
a)D All b)Q Some * c)D None of: 

1 .D Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-1 52) 
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DETAILED ACTION 

1 . Claims 1-16 have been examined. 

Claim Rejections - 35 USC § 112 

2. Claim 1-16 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply 
with the enablement requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to enable one skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and/or use the invention. 

As per claims 1-16, the claims recite "supervisor user" is not found in the specification 
and "preventing physical login" recited in claims 1-16 is not mentioned or described in 
the specification. 

As per claims 1-16, the claims recite "prevent physical login to the server computer by 
any user while the server computer is so locked" is not described in the specification. 
The specification describes that users are still allowed to use other services on the server 
(page 8 lines 4-16). 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 1, 8, and 13 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 
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5. Claims 1, 8, and 13 recite the limitation "the supervisor user" in claims. There is 
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC §103 
6. Claims 1, 2, 8, 1 1, 13, and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hitz et al. U.S. Pub. No. 2001/0039622 (hereinafter Hitz) in view of 
Duxbury and further in view of Lim et al. U.S. Pat. No. 6434619 (hereinafter Lim). 

As per claim 1, 2, 8, 1 1, 13, and 16, Hitz discloses a system for securing a server 
computer from unauthorized access by a user (Hitz: [0004]-[0007] and [0032]-[0041]: 
users are restricted access based on conditions). Hitz does not explicitly disclose the 
system comprising an access engine for temporarily and replaceably removing the 
supervisor user on the server computer. However, Duxbury discloses these limitations 
(Duxbury: column 4 lines 20-29: remove the superuser status). The superuser is a nick- 
name for root and removing the superuser also means to remove the root or root account. 
It would have been obvious to one having ordinary skill in the art to temporarily and 
replaceably remove the supervisor user from on the server computer, which can be done 
by moving the user to a regular user status. Therefore, it would have been obvious to one 
having ordinary skill in the art to combine the teachings of Duxbury within the system of 
Hitz to enforce access control policy of network resources. 

Hitz as modified does not explicitly disclose removing the supervisor user to temporarily 
lock the server computer and to thereby prevent physical login to the server computer by 
any user while the server computer is so locked. However, Lim discloses login from 
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internal/external user or administrator may fail due to various reasons including server 
status locked, non-existent account, disabled account, etc. (Lim: column 9 lines 53-63). It 
would have been obvious to one having ordinary skill in the art to remove superuser 
account/status to cause login failure and cause server status locked in order to prevent 
access to a system. Therefore, it would have been obvious to one having ordinary skill in 
the art to combine the teachings of Lim within the combination of Hitz-Duxbury because 
it increases the security of the system by disallowing access due to various types of 
reasons. 

7. Claims 3, 4, and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Hitz in view of Duxbury and further in view of Lim and further in view of Boebert 
et al. U.S. Pat. No. 5822435 (hereinafter Boebert2). 

As per claim 3, Hitz as modified discloses a system in claim 1. Hitz as modified 
does not explicitly teach the method of removing supervisor rights from an external client 
computer. However, Boebert2 teaches the method of accessing the server from an 
unsecured computer (Boebert2: column 3 lines 19-23: ensure secure communication 
medium between a user working on an unsecure computer and a host computer). It would 
have been obvious to one having ordinary skill in the art to allow a user to access the 
server from a workstation that the user has easier access to by using different types of 
authentication method. Therefore, it would have been obvious to combine the teachings 
Boebert2 within the combination of Hitz-Duxbury-Lim to allow users with authority to 
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remote login the server system from an external computer to manage the server or to lock 
the server without having to be at the server site. 

As per claim 4, Hitz as modified discloses a system in claim 3. Duxbury further 
teaches the access engine allows supervisor rights to be restored on the server computer 
(Duxbury: column 4 lines 20-30: allows the privilege to be reset when entering command 
shell). Since a user can be logged in remotely, the authorized user would be able to 
execute commands as disclosed by Duxbury. Therefore, it would have been obvious to 
one having ordinary skill in the art at the time of applicant's invention to combine the 
teachings of Duxbury within the combination of Hitz-Duxbury-Lim-Boebert2 because 
the server needs to be restored so that managing tasks or supervising tasks can be 
performed again by administrator or authorized users. 

As per claim 12, Hitz as modified discloses a method according to claim 8. Hitz 
as modified does not explicitly teach the method of removing supervisor rights from an 
external client computer over an Internet (Boebert2: column 3 lines 19-23: ensure secure 
communication medium between a user working on an unsecured computer and a host 
computer). Same rationale applies here as above in rejecting claim 3. 

8. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hitz in view of Duxbury and further in view of Lim and further in view of Boebert2 and 
further in view of Pang et al. U.S. Pat. No. 6446204 (hereinafter Pang). 
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As per claim 5 and 6, Hitz as modified discloses a system in claim 3. Hitz as 
modified does not explicitly teach authenticating user password and IP address before the 
external client computer can remove the supervisor rights. However, Pang teaches that 
limitation (Pang: column 1 lines 53-58: authorization information typically contain user's 
name and a password, a particular EP address). The use of IP address and password of 
users to access a server is well known in the art. Therefore, it would have been obvious to 
one having ordinary skill in the art at the time of applicant's invention to combine the 
teachings of Boebert, Duxbury, Boebert2, and Pang because multiple authentication 
increase difficulty for unauthorized users to break into the system. 

9. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hitz in 
view of Duxbury and further in view of Lim and further in view of Truong U.S. Pat. No. 
6151609 (hereinafter Truong). 

As per claim 7, Hitz as modified discloses a system in claim 1. Hitz as modified 
does not explicitly teach the computer system is a server computer that connects to an 
Internet. However, Truong teaches an Internet server that allows remote editing (Truong: 
column2 lines 42-51: tasks of system administrator; column 3 lines 12-60: a remote 
editor system). It would have been obvious to one having ordinary skill in the art at the 
time of applicant's invention to combine the teaching of Truong within the combination 
of Hitz-Duxbury-Lim because it allows the system administrator to maintain and manage 
the server when the system administrator is not physically near the server computer. 
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10. Claims 9, 10, 14, and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hitz in view of Duxbury and further in view of Lim and further in view 
of Wu et al. U.S. Pat. No. 5774551 (hereinafter Wu). 

As per claim 9, 10, 14, and 15, Hitz as modified discloses a method according to 
claims 8 and 13. Hitz as modified does not explicitly teach the use of IP address of 
trusted external computer to authenticate users before removing the supervisor user. 
However, Wu teaches the method of authenticating EP address with a list and password 
supplied by the external client computer (Wu: column 13 lines 42-52: the authenticate 
user method tests the name or address of the remote computer against a list of trusted 
remote computers; column 15 lines 1-5: request and verify a user's password). It would 
have been obvious to one having ordinary skill in the art to combine the teachings of Wu 
within the combination of Hitz-Duxbury-Lim because it is well known in the art to 
authenticate users before any operation on server can be performed. 

Response to Arguments 

11. Applicant's arguments with respect to claims 1-16 have been considered but are 
moot in view of the new ground(s) of rejection. 

Regarding Duxbury reference, the claims do not recite to "have no users on the 
server" and this limitation cannot be found on the specification. Instead, the specification 
discloses removing supervisor rights on the server (page 8). Therefore, the claims remain 
rejected. 
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Regarding Truong reference, Truong discloses remotely managing and editing 
files stored on the server instead of merely talking about FTP and transporting files 
between server and client. Therefore, the Truong reference presents significant relevance 
to the invention. 

Regarding Wu reference, the use of username, password, and other identifier to 
authenticate users is well known in the art. Therefore, it is essential for an administrator 
to perform administrative tasks after authentication has been performed to ensure security 
and administrative tasks include adding/removing users. 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Chang et al. U.S. Pat. No. 6219700 discloses web server based network and 
authentication is performed to ensure that a user can perform only those operations or 
access those files the user is authorized to perform and there is super system 
administrator to mange services in a network including adding and deleting 
administrators (column 2 lines 12-65 and column 7 lines 40-54). 

13. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (703) 305- 
8654. The examiner can normally be reached on Monday through Friday 8:30am to 
5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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